delta/gitlab/gitlab-ce.git/spec/controllers/concerns, branch bootstrap-markdown-code-highlight gitlab.com: gitlab-org/gitlab-ce.git Fix cross-origin errors when attempting to download JavaScript attachments 2018-05-14T04:49:51+00:00 Stan Hu stanhu@gmail.com 2018-05-14T04:43:48+00:00 0c43170630b5b4e90e8f91526066435a06e077eb If you upload a file with a .js extension, Rails' cross-origin JavaScript protection will prevent a user from downloading the file with a 422 error. Setting the content-type to `text/plain` will allow the user to download the file as a plaintext file. Closes #45826 
If you upload a file with a .js extension, Rails' cross-origin JavaScript
protection will prevent a user from downloading the file with a 422 error.
Setting the content-type to `text/plain` will allow the user to download
the file as a plaintext file.

Closes #45826
Reuses `InternalRedirect` when possible 2018-05-04T11:54:43+00:00 Bob Van Landuyt bob@vanlanduyt.co 2018-05-02T18:25:21+00:00 39916fdfeddfd75279d13fa976fdb07f3b9b0e26 `InternalRedirect` prevents Open redirect issues by only allowing redirection to paths on the same host. It cleans up any unwanted strings from the path that could point to another host (fe. //about.gitlab.com/hello). While preserving the querystring and fragment of the uri. It is already used by: - `TermsController` - `ContinueParams` - `ImportsController` - `ForksController` - `SessionsController`: Only for verifying the host in CE. EE allows redirecting to a different instance using Geo. 
`InternalRedirect` prevents Open redirect issues by only allowing
redirection to paths on the same host.

It cleans up any unwanted strings from the path that could point to
another host (fe. //about.gitlab.com/hello). While preserving the
querystring and fragment of the uri.

It is already used by:

- `TermsController`
- `ContinueParams`
  - `ImportsController`
  - `ForksController`
- `SessionsController`: Only for verifying the host in CE. EE allows
   redirecting to a different instance using Geo.
Enforces terms in the web application 2018-05-04T11:54:43+00:00 Bob Van Landuyt bob@vanlanduyt.co 2018-04-27T14:50:33+00:00 7684217d6806408cd338260119364419260d1720 This enforces the terms in the web application. These cases are specced: - Logging in: When terms are enforced, and a user logs in that has not accepted the terms, they are presented with the screen. They get directed to their customized root path afterwards. - Signing up: After signing up, the first screen the user is presented with the screen to accept the terms. After they accept they are directed to the dashboard. - While a session is active: - For a GET: The user will be directed to the terms page first, after they accept the terms, they will be directed to the page they were going to - For any other request: They are directed to the terms, after they accept the terms, they are directed back to the page they came from to retry the request. Any information entered would be persisted in localstorage and available on the page. 
This enforces the terms in the web application. These cases are
specced:

- Logging in: When terms are enforced, and a user logs in that has not
  accepted the terms, they are presented with the screen. They get
  directed to their customized root path afterwards.
- Signing up: After signing up, the first screen the user is presented
  with the screen to accept the terms. After they accept they are
  directed to the dashboard.
- While a session is active:
  - For a GET: The user will be directed to the terms page first,
    after they accept the terms, they will be directed to the page
    they were going to
  - For any other request: They are directed to the terms, after they
    accept the terms, they are directed back to the page they came
    from to retry the request. Any information entered would be
    persisted in localstorage and available on the page.
Share collaboration check between view and presenter 2018-04-11T08:51:15+00:00 Bob Van Landuyt bob@vanlanduyt.co 2018-04-06T14:02:36+00:00 12dd2b0cc0cf6dd8dc43ff8b8df8687268ba4af5 






Backport ee-40781-os-to-ce
2018-03-22T12:49:04+00:00

Micaël Bergeron
mbergeron@gitlab.com

2018-03-09T15:09:00+00:00

44f37504fb229ab78606a5fd11f75316ebc2667b












Add proxy_download to perform proxied sending of all files
2018-03-09T14:16:06+00:00

Micaël Bergeron
mbergeron@gitlab.com

2018-03-09T14:16:06+00:00

fc6587f1f21c97fa19e3ae7eaac4e9add7b107b8












Port `read_cross_project` ability from EE
2018-02-22T16:11:36+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2017-12-11T14:21:06+00:00

148816cd67a314f17e79c107270cc708501bdd39












Refactor IssuableFinder to extract model-specific logic
2018-02-21T10:31:29+00:00

Sean McGivern
sean@gitlab.com

2018-02-20T12:33:49+00:00

c2fc40668c34215a7e727e60647114f1b178eb8c

By extracting a new `filter_items` method, we can override that in the
IssuesFinder and MergeRequestsFinder separately, so we don't need checks that
the model is the correct one, because we can just use the class we're in to know
that.

We can do the same for the VALID_PARAMS constant, by making it a class method.





By extracting a new `filter_items` method, we can override that in the
IssuesFinder and MergeRequestsFinder separately, so we don't need checks that
the model is the correct one, because we can just use the class we're in to know
that.

We can do the same for the VALID_PARAMS constant, by making it a class method.







Fix filter by my reaction is not working
2017-11-13T09:20:02+00:00

Hiroyuki Sato
sathiroyuki@gmail.com

2017-11-13T04:14:18+00:00

16caf95ccbb9c1930623f6f131b49f974c092150












Refactor issuables index actions
2017-11-07T13:34:12+00:00

Jarka Kadlecova
jarka@gitlab.com

2017-11-07T13:34:12+00:00

ad6e650262c1c152fe5e7d7a09607286b8f9f750